Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
AdvancedReclaiMeFreeRAIDRecoveryFreeSetup.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Advanced ReclaiMe Free RAID Recovery Free, Author: www.reclaime.com, Keywords: Installer, Comments: This
installer database contains the logic and data required to install Advanced ReclaiMe Free RAID Recovery Free., Template: Intel;1033,
Revision Number: {BAAEC4FF-367D-45A2-B266-709F9930739C}, Create Time/Date: Fri Apr 12 15:52:02 2024, Last Saved Time/Date:
Fri Apr 12 15:52:02 2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset
(3.11.2.4516), Security: 2
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\BackupExtractor.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libmodel.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libssl-1_1.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libxml2-2.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\msvcp140_atomic_wait.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\msvcp140_codecvt_ids.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\ucrtbase.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\zlib1.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Config.Msi\4c320b.rbs
|
data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\ActivityTracesHelper.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\Plugin.db
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\Renders\Memo.db
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\Videos\Plan.wav
|
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\concrt140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\groceryc.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\iconv.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libBasic.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libHelper.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libI18n.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libRG.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libUpdate.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libView.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libcrypto-1_1.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libcurl.dll
|
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libexpat.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\libglog.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\msvcp140_1.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\msvcp140_2.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\pthreadGC2.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\vccorlib140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Aeeqeayhuhpyr
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Aefqsrpyphpud
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Artdtudiueptp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Doeiyeudsesf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Doiiqeoyhiuu
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Dssoudhfrqfe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Dssoudhfrqfe-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Eaoettiaawqfaro
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Eaoowssy
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Eepeeoaw
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Efwfaqqq
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Epahsoup
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Fdreht
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Ferepq
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Fetsqh
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Fsuotd
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Htufwph
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Idafdrpasdi
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Ioftfpppefy
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Ipfpeoitpay
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Itysuyushiq
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Iuespohtose
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Oddqspsputwp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Oeuweeteyhpp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Ofyyutieeqhs
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Ofyyutieeqhs-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Owaeedapdrhy
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Owrepqosrwuq
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Perhepso
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Piouuyiqowo
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Piwqqeeeyaf
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Qhyeraedroyyyt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Qowroeesfyoyre
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Qqewptfsehtudy
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Qraquyostiuews
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Qraquyostiuews-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Qwewfifwqueesh
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Raafyiaastoyq
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Rauusweeoeqar
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Rduuodeqso
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Rduuodeqso-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Rudoehrsup
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Satetseaaoods
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Sieirefowet
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Spftre
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tquoifhieitawo
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Trsquwsdretrdu
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Wftdsr
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Wpefhtaetdehqhy
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Wtsrweoehtqydaq
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Wwayepwofduqu
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Wyudphfye
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Yawqyuaqr
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Yawqyuaqr-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Ydtusdaft
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Yrrssudta
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Yrsistyhe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Yrsistyhe-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Ytotaeupt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3gqlqhaz.0jj.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_b5zjc2el.05m.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e5vyqyhw.chs.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ozgpe0sh.uam.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Installer\4c320a.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Advanced ReclaiMe Free RAID Recovery Free, Author: www.reclaime.com, Keywords: Installer, Comments: This
installer database contains the logic and data required to install Advanced ReclaiMe Free RAID Recovery Free., Template: Intel;1033,
Revision Number: {BAAEC4FF-367D-45A2-B266-709F9930739C}, Create Time/Date: Fri Apr 12 15:52:02 2024, Last Saved Time/Date:
Fri Apr 12 15:52:02 2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset
(3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\4c320c.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Advanced ReclaiMe Free RAID Recovery Free, Author: www.reclaime.com, Keywords: Installer, Comments: This
installer database contains the logic and data required to install Advanced ReclaiMe Free RAID Recovery Free., Template: Intel;1033,
Revision Number: {BAAEC4FF-367D-45A2-B266-709F9930739C}, Create Time/Date: Fri Apr 12 15:52:02 2024, Last Saved Time/Date:
Fri Apr 12 15:52:02 2024, Number of Pages: 200, Number of Words: 10, Name of Creating Application: Windows Installer XML Toolset
(3.11.2.4516), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSI3566.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{58F90A35-6245-4CD8-953C-458660066C65}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF0ACC04FED81BC5A5.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF54EAD2A2DE8C7E31.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF5B6536B42CF01FEB.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF6F5C6E2DAFBE1548.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF7A88A451899D604D.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF7CE3EAA7D2D8B3BD.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF80563B4A6048EC18.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFC2D416FF6D026E92.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFC4865D13A6116123.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFD5DE597F9BA87F56.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFDECDA8E549DFF1D6.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DFE710D7F65E72009B.TMP
|
data
|
dropped
|
There are 107 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\BackupExtractor.exe
|
"C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\BackupExtractor.exe"
|
|
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\BackupExtractor.exe
|
"C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\BackupExtractor.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath
"C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\BackupExtractor.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Programs\Advanced
ReclaiMe Free RAID Recovery Free\BackupExtractor.exe"
|
|
|
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\BackupExtractor.exe
|
"C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\BackupExtractor.exe"
|
|
|
|
C:\Windows\System32\msiexec.exe
|
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\AdvancedReclaiMeFreeRAIDRecoveryFreeSetup.msi"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://curl.se/docs/hsts.html
|
unknown
|
||
|
http://html4/loose.dtd
|
unknown
|
||
|
https://curl.se/docs/alt-svc.html#
|
unknown
|
||
|
http://www.openssl.org/support/faq.htmlRAND
|
unknown
|
||
|
https://curl.se/docs/http-cookies.html
|
unknown
|
||
|
http://www.openssl.org/V
|
unknown
|
||
|
https://curl.se/docs/hsts.html#
|
unknown
|
||
|
http://www.brynosaurus.com/cachedir/
|
unknown
|
||
|
https://curl.se/docs/http-cookies.html#
|
unknown
|
||
|
https://curl.se/docs/alt-svc.html
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
There are 3 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
65.38.121.69
|
unknown
|
United States
|
||
|
8.8.8.8
|
unknown
|
United States
|
||
|
146.19.254.194
|
unknown
|
France
|
||
|
192.121.22.224
|
unknown
|
Sweden
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Config.Msi\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\4c320b.rbs
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
|
C:\Config.Msi\4c320b.rbsLow
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\BBC1D051457178959B0F5B821AF1E8CD
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\95A66911470B00E508B5C0418AB34A16
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\FDF115CBFB604CF5B96D7238F1C25E7C
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\3599258D665BF2C5CBD84142845850E9
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\79B928359A4B4A052BF8F9616FE59BB1
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\B26203E6F6881C25EBA700C2D43F6A42
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\A9D48A3626F2D9450BBD83A4A3340C9E
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\85A8D040C7A26F15DA8CA4741D02877A
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\2C0FAF370352F5359AB4B99CF07776C7
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\5049E05DDB0EF08578B24DA5EB6CBA1C
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\3197933E78A1B6A559CC8982474F6A52
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9C16EBC6A12B21052B55825E7503E6EB
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\D4182110D56702250A39D76B9F13681F
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\3DE42966B34EB8C50A6AF17AC9DC961D
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\35DD68FC59E80195F87934FF6A375790
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\AEADE6F66856841538376590924C3408
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\FF56F6F67CF2D4A5B87FB560A01E1256
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\07399FAFF5AB364548D00E1576F7C4FD
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\C9D656E7519573155B79FBC90DAD54C6
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\78FC955D2FACC105F99E47C67DE6B361
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\69D6CBC0DCE3AFC50BF3048EDD63CA66
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\8D5084F5AA578185599D6D2D8EA1DB8C
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\9E81BE3649CED6F5193C8DD3BAA9BF08
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\239F274ED52FCAA588C922566320C894
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\437714FE0825E3B5ABDB0DEF3340A8DA
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\EA49954D2AFC538528DF4DF1B5540B1D
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\6F72EA43B035ACB5A8A129DDC279C8B0
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\577B0D750E8DF4C57A412D041966809C
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\B4376C3F908C45B5E9347305403029B1
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Components\8649694AFCF0BE45E8FD75BB3225406C
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Local\Programs\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
|
C:\Users\user\AppData\Local\Programs\Advanced ReclaiMe Free RAID Recovery Free\Videos\
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
LocalPackage
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
AuthorizedCDFPrefix
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
Comments
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
Contact
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
DisplayVersion
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
HelpLink
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
HelpTelephone
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
InstallDate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
InstallLocation
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
InstallSource
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
ModifyPath
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
Publisher
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
Readme
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
Size
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
EstimatedSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
UninstallString
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
URLInfoAbout
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
URLUpdateInfo
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
VersionMajor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
VersionMinor
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
WindowsInstaller
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
Version
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
Language
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\2CD1ECF9EEA86D54ABAEE8A5649D5D25
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\InstallProperties
|
DisplayName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{58F90A35-6245-4CD8-953C-458660066C65}
|
DisplayName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\53A09F8554268DC459C354680660C656
|
f
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\Features
|
f
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2246122658-3693405117-2476756634-1003\Products\53A09F8554268DC459C354680660C656\Patches
|
AllPatches
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
ProductName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
PackageCode
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
Language
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
Version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
Assignment
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
AdvertiseFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
InstanceType
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
AuthorizedLUAApp
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
DeploymentFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\UpgradeCodes\2CD1ECF9EEA86D54ABAEE8A5649D5D25
|
53A09F8554268DC459C354680660C656
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656\SourceList
|
PackageName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656\SourceList\Net
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656\SourceList\Media
|
1
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656
|
Clients
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\53A09F8554268DC459C354680660C656\SourceList
|
LastUsedSource
|
||
|
HKEY_CURRENT_USER
|
ProxyEnable
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BackupExtractor_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BackupExtractor_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BackupExtractor_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BackupExtractor_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BackupExtractor_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BackupExtractor_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BackupExtractor_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Image AutoEnhancer
|
There are 106 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8F62000
|
heap
|
page read and write
|
|
|
|
8F69000
|
heap
|
page read and write
|
|
|
|
8F67000
|
heap
|
page read and write
|
|
|
|
7E84000
|
heap
|
page read and write
|
|
|
|
8420000
|
heap
|
page read and write
|
|
|
|
950D000
|
heap
|
page read and write
|
|
|
|
8F8B000
|
heap
|
page read and write
|
|
|
|
9AAC000
|
heap
|
page read and write
|
|
|
|
8F65000
|
heap
|
page read and write
|
|
|
|
950F000
|
heap
|
page read and write
|
|
|
|
89DF000
|
heap
|
page read and write
|
|
|
|
8F61000
|
heap
|
page read and write
|
|
|
|
9501000
|
heap
|
page read and write
|
|
|
|
8435000
|
heap
|
page read and write
|
|
|
|
950D000
|
heap
|
page read and write
|
|
|
|
9500000
|
heap
|
page read and write
|
|
|
|
6D47E000
|
unkown
|
page read and write
|
||
|
6CCD9000
|
unkown
|
page read and write
|
||
|
70F40000
|
unkown
|
page readonly
|
||
|
C55000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FCD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EAF000
|
stack
|
page read and write
|
||
|
6FE0000
|
trusted library allocation
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
6F1E000
|
heap
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
62E9D000
|
unkown
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
C00000
|
trusted library allocation
|
page read and write
|
||
|
62494000
|
unkown
|
page readonly
|
||
|
7EC00000
|
direct allocation
|
page read and write
|
||
|
7FCF0000
|
direct allocation
|
page read and write
|
||
|
7D20000
|
heap
|
page read and write
|
||
|
7E5C0000
|
direct allocation
|
page read and write
|
||
|
6CC60000
|
unkown
|
page readonly
|
||
|
6D6C1000
|
unkown
|
page execute read
|
||
|
6ABF000
|
stack
|
page read and write
|
||
|
6B3E000
|
stack
|
page read and write
|
||
|
6D2D5000
|
unkown
|
page readonly
|
||
|
6E930000
|
unkown
|
page readonly
|
||
|
6CF39000
|
unkown
|
page write copy
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
6D0F6000
|
unkown
|
page readonly
|
||
|
6F70000
|
trusted library allocation
|
page read and write
|
||
|
7EBE0000
|
direct allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
6CEB3000
|
unkown
|
page readonly
|
||
|
F44000
|
heap
|
page read and write
|
||
|
6ECB000
|
heap
|
page read and write
|
||
|
6D0B0000
|
unkown
|
page readonly
|
||
|
F15000
|
heap
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
9DA000
|
heap
|
page read and write
|
||
|
2EDB000
|
heap
|
page read and write
|
||
|
6CF36000
|
unkown
|
page write copy
|
||
|
6D471000
|
unkown
|
page execute read
|
||
|
6CCF1000
|
unkown
|
page execute read
|
||
|
6CCBE000
|
unkown
|
page read and write
|
||
|
68AF000
|
stack
|
page read and write
|
||
|
62E80000
|
unkown
|
page readonly
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
6CCBF000
|
unkown
|
page write copy
|
||
|
7EBE0000
|
direct allocation
|
page read and write
|
||
|
6E930000
|
unkown
|
page readonly
|
||
|
71005000
|
unkown
|
page readonly
|
||
|
6D015000
|
unkown
|
page readonly
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
7D3C000
|
heap
|
page read and write
|
||
|
B11000
|
unkown
|
page write copy
|
||
|
6D6C0000
|
unkown
|
page readonly
|
||
|
2EA8000
|
heap
|
page read and write
|
||
|
6D4C0000
|
unkown
|
page readonly
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
7FA70000
|
direct allocation
|
page read and write
|
||
|
65C000
|
stack
|
page read and write
|
||
|
F46000
|
heap
|
page read and write
|
||
|
4750000
|
heap
|
page execute and read and write
|
||
|
6EE01000
|
unkown
|
page execute read
|
||
|
62480000
|
unkown
|
page readonly
|
||
|
6D471000
|
unkown
|
page execute read
|
||
|
4CC6000
|
trusted library allocation
|
page read and write
|
||
|
6E929000
|
unkown
|
page read and write
|
||
|
6E926000
|
unkown
|
page readonly
|
||
|
6D104000
|
unkown
|
page readonly
|
||
|
5901000
|
trusted library allocation
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
6F1E000
|
heap
|
page read and write
|
||
|
6D101000
|
unkown
|
page read and write
|
||
|
7DAA000
|
heap
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
2E77000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
5E6000
|
heap
|
page read and write
|
||
|
6D42C000
|
unkown
|
page readonly
|
||
|
6CCD4000
|
unkown
|
page readonly
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
2EFD000
|
heap
|
page read and write
|
||
|
6D73000
|
heap
|
page read and write
|
||
|
693A000
|
stack
|
page read and write
|
||
|
2D86000
|
heap
|
page read and write
|
||
|
71004000
|
unkown
|
page write copy
|
||
|
7170000
|
trusted library allocation
|
page read and write
|
||
|
7190000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E921000
|
unkown
|
page execute read
|
||
|
3080000
|
heap
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
4EC6000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
B13000
|
unkown
|
page read and write
|
||
|
2E92000
|
heap
|
page read and write
|
||
|
B12000
|
unkown
|
page write copy
|
||
|
6D42C000
|
unkown
|
page readonly
|
||
|
6D080000
|
unkown
|
page readonly
|
||
|
6D52A000
|
unkown
|
page readonly
|
||
|
6D4C1000
|
unkown
|
page execute read
|
||
|
6D0D0000
|
unkown
|
page readonly
|
||
|
62498000
|
unkown
|
page write copy
|
||
|
47C2000
|
trusted library allocation
|
page read and write
|
||
|
748000
|
heap
|
page read and write
|
||
|
6E92A000
|
unkown
|
page readonly
|
||
|
6D3D1000
|
unkown
|
page execute read
|
||
|
F26000
|
heap
|
page read and write
|
||
|
57C4000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
6D426000
|
unkown
|
page read and write
|
||
|
6E92A000
|
unkown
|
page readonly
|
||
|
467E000
|
stack
|
page read and write
|
||
|
F17000
|
heap
|
page read and write
|
||
|
7D62000
|
heap
|
page read and write
|
||
|
6ECA000
|
heap
|
page read and write
|
||
|
93D000
|
stack
|
page read and write
|
||
|
5789000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
62481000
|
unkown
|
page execute read
|
||
|
9E8000
|
heap
|
page read and write
|
||
|
7C6A000
|
trusted library allocation
|
page read and write
|
||
|
6ECA000
|
heap
|
page read and write
|
||
|
6D09A000
|
unkown
|
page readonly
|
||
|
2EB9000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
2EAF000
|
heap
|
page read and write
|
||
|
62480000
|
unkown
|
page readonly
|
||
|
2EDB000
|
heap
|
page read and write
|
||
|
6EE00000
|
unkown
|
page readonly
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
6D28000
|
heap
|
page read and write
|
||
|
6CCF0000
|
unkown
|
page readonly
|
||
|
7C40000
|
heap
|
page read and write
|
||
|
6CCF1000
|
unkown
|
page execute read
|
||
|
6CF3A000
|
unkown
|
page readonly
|
||
|
7EC00000
|
direct allocation
|
page read and write
|
||
|
6CCC0000
|
unkown
|
page read and write
|
||
|
7D9F000
|
heap
|
page read and write
|
||
|
6E931000
|
unkown
|
page execute read
|
||
|
F99000
|
heap
|
page read and write
|
||
|
6D3D1000
|
unkown
|
page execute read
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
6CCF0000
|
unkown
|
page readonly
|
||
|
68ED000
|
stack
|
page read and write
|
||
|
6D429000
|
unkown
|
page read and write
|
||
|
70F41000
|
unkown
|
page execute read
|
||
|
6D461000
|
unkown
|
page read and write
|
||
|
6EE00000
|
unkown
|
page readonly
|
||
|
6D3D0000
|
unkown
|
page readonly
|
||
|
6D416000
|
unkown
|
page readonly
|
||
|
7D34000
|
heap
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
6FD0000
|
trusted library allocation
|
page read and write
|
||
|
6EEC000
|
heap
|
page read and write
|
||
|
2E97000
|
heap
|
page read and write
|
||
|
6EE5F000
|
unkown
|
page readonly
|
||
|
6D416000
|
unkown
|
page readonly
|
||
|
6D42000
|
heap
|
page read and write
|
||
|
6CC61000
|
unkown
|
page execute read
|
||
|
6D441000
|
unkown
|
page execute read
|
||
|
7FC40000
|
direct allocation
|
page read and write
|
||
|
6F0B000
|
heap
|
page read and write
|
||
|
6CF15000
|
unkown
|
page readonly
|
||
|
62D000
|
stack
|
page read and write
|
||
|
D00000
|
heap
|
page readonly
|
||
|
6D0A1000
|
unkown
|
page readonly
|
||
|
67ED000
|
stack
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
6EE5D000
|
unkown
|
page read and write
|
||
|
6D068000
|
unkown
|
page write copy
|
||
|
7103D000
|
unkown
|
page read and write
|
||
|
6F32000
|
heap
|
page read and write
|
||
|
6D44D000
|
unkown
|
page readonly
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
B11000
|
unkown
|
page read and write
|
||
|
6D014000
|
unkown
|
page read and write
|
||
|
62E81000
|
unkown
|
page execute read
|
||
|
6CA9000
|
heap
|
page read and write
|
||
|
2EAF000
|
heap
|
page read and write
|
||
|
2EDB000
|
heap
|
page read and write
|
||
|
6D063000
|
unkown
|
page write copy
|
||
|
6D6EC000
|
unkown
|
page readonly
|
||
|
498000
|
stack
|
page read and write
|
||
|
6D060000
|
unkown
|
page readonly
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
791000
|
heap
|
page read and write
|
||
|
6CEB2000
|
unkown
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
6EE08000
|
unkown
|
page read and write
|
||
|
2EA6000
|
heap
|
page read and write
|
||
|
6F4D000
|
stack
|
page read and write
|
||
|
6D0B0000
|
unkown
|
page readonly
|
||
|
2D6C000
|
heap
|
page read and write
|
||
|
6D34F000
|
unkown
|
page readonly
|
||
|
6F0B000
|
heap
|
page read and write
|
||
|
6EDC000
|
heap
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
6EE01000
|
unkown
|
page execute read
|
||
|
686E000
|
stack
|
page read and write
|
||
|
5A471000
|
direct allocation
|
page read and write
|
||
|
6F1E000
|
heap
|
page read and write
|
||
|
6D0A1000
|
unkown
|
page readonly
|
||
|
6D068000
|
unkown
|
page write copy
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
F8D000
|
heap
|
page read and write
|
||
|
83C000
|
stack
|
page read and write
|
||
|
6E926000
|
unkown
|
page readonly
|
||
|
6CF9000
|
heap
|
page read and write
|
||
|
6D470000
|
unkown
|
page readonly
|
||
|
2EB9000
|
heap
|
page read and write
|
||
|
50CE000
|
trusted library allocation
|
page read and write
|
||
|
6D426000
|
unkown
|
page read and write
|
||
|
7FCE000
|
stack
|
page read and write
|
||
|
4A49000
|
trusted library allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
6EDB000
|
heap
|
page read and write
|
||
|
2E84000
|
heap
|
page read and write
|
||
|
6CDC000
|
heap
|
page read and write
|
||
|
4E18000
|
trusted library allocation
|
page read and write
|
||
|
7F289000
|
direct allocation
|
page read and write
|
||
|
6EE06000
|
unkown
|
page readonly
|
||
|
6D527000
|
unkown
|
page readonly
|
||
|
6CCD9000
|
unkown
|
page read and write
|
||
|
F8D000
|
heap
|
page read and write
|
||
|
6D427000
|
unkown
|
page write copy
|
||
|
279D000
|
stack
|
page read and write
|
||
|
6E920000
|
unkown
|
page readonly
|
||
|
6D0BC000
|
unkown
|
page readonly
|
||
|
6F0B000
|
heap
|
page read and write
|
||
|
FAE000
|
stack
|
page read and write
|
||
|
6EE1000
|
heap
|
page read and write
|
||
|
6F50000
|
trusted library allocation
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
4D2B000
|
trusted library allocation
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
6D0B1000
|
unkown
|
page execute read
|
||
|
F12000
|
heap
|
page read and write
|
||
|
6F90000
|
trusted library allocation
|
page read and write
|
||
|
B11000
|
unkown
|
page write copy
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
7080000
|
heap
|
page read and write
|
||
|
7EBB0000
|
direct allocation
|
page read and write
|
||
|
6EE41000
|
unkown
|
page execute read
|
||
|
7E860000
|
direct allocation
|
page read and write
|
||
|
6D104000
|
unkown
|
page readonly
|
||
|
980000
|
heap
|
page read and write
|
||
|
6F0E000
|
stack
|
page read and write
|
||
|
6CCDF000
|
unkown
|
page write copy
|
||
|
7EB70000
|
direct allocation
|
page read and write
|
||
|
B12000
|
unkown
|
page write copy
|
||
|
6E940000
|
unkown
|
page readonly
|
||
|
6D464000
|
unkown
|
page readonly
|
||
|
7E9E0000
|
direct allocation
|
page read and write
|
||
|
6248F000
|
unkown
|
page readonly
|
||
|
62EA1000
|
unkown
|
page readonly
|
||
|
62481000
|
unkown
|
page execute read
|
||
|
2AFD000
|
stack
|
page read and write
|
||
|
6CC60000
|
unkown
|
page readonly
|
||
|
6D111000
|
unkown
|
page execute read
|
||
|
7CA0000
|
trusted library allocation
|
page read and write
|
||
|
7F870000
|
direct allocation
|
page read and write
|
||
|
6D0C1000
|
unkown
|
page readonly
|
||
|
7F8B0000
|
direct allocation
|
page read and write
|
||
|
F34000
|
heap
|
page read and write
|
||
|
7EA80000
|
direct allocation
|
page read and write
|
||
|
473E000
|
stack
|
page read and write
|
||
|
6FC0000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
6D07000
|
heap
|
page read and write
|
||
|
6CF36000
|
unkown
|
page write copy
|
||
|
6C90000
|
heap
|
page read and write
|
||
|
6E929000
|
unkown
|
page read and write
|
||
|
6D34A000
|
unkown
|
page read and write
|
||
|
6D1F000
|
heap
|
page read and write
|
||
|
697D000
|
stack
|
page read and write
|
||
|
6D069000
|
unkown
|
page readonly
|
||
|
6F32000
|
heap
|
page read and write
|
||
|
6CCE0000
|
unkown
|
page readonly
|
||
|
7DA5000
|
heap
|
page read and write
|
||
|
6D0B1000
|
unkown
|
page execute read
|
||
|
2EC8000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
6E931000
|
unkown
|
page execute read
|
||
|
6F0B000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
2E8F000
|
heap
|
page read and write
|
||
|
7B8D000
|
trusted library allocation
|
page read and write
|
||
|
6F60000
|
trusted library allocation
|
page read and write
|
||
|
F45000
|
heap
|
page read and write
|
||
|
6D0BC000
|
unkown
|
page readonly
|
||
|
6FB0000
|
trusted library allocation
|
page read and write
|
||
|
62495000
|
unkown
|
page read and write
|
||
|
6F32000
|
heap
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
6D440000
|
unkown
|
page readonly
|
||
|
6EB9000
|
heap
|
page read and write
|
||
|
6CCDA000
|
unkown
|
page write copy
|
||
|
6CCE0000
|
unkown
|
page readonly
|
||
|
6D429000
|
unkown
|
page read and write
|
||
|
62495000
|
unkown
|
page read and write
|
||
|
71030000
|
unkown
|
page readonly
|
||
|
6FA0000
|
trusted library allocation
|
page read and write
|
||
|
6D069000
|
unkown
|
page readonly
|
||
|
718000
|
heap
|
page read and write
|
||
|
68F0000
|
heap
|
page execute and read and write
|
||
|
6CEB3000
|
unkown
|
page readonly
|
||
|
6D0C0000
|
unkown
|
page read and write
|
||
|
6EB8000
|
heap
|
page read and write
|
||
|
7EA60000
|
direct allocation
|
page read and write
|
||
|
6E93F000
|
unkown
|
page read and write
|
||
|
6D081000
|
unkown
|
page execute read
|
||
|
6D524000
|
unkown
|
page read and write
|
||
|
C52000
|
trusted library allocation
|
page read and write
|
||
|
2EBD000
|
heap
|
page read and write
|
||
|
6CEB2000
|
unkown
|
page read and write
|
||
|
71030000
|
unkown
|
page readonly
|
||
|
6C60000
|
trusted library allocation
|
page read and write
|
||
|
2EDB000
|
heap
|
page read and write
|
||
|
8140000
|
trusted library allocation
|
page read and write
|
||
|
5761000
|
trusted library allocation
|
page read and write
|
||
|
6DCE000
|
stack
|
page read and write
|
||
|
7D9D000
|
heap
|
page read and write
|
||
|
2EDC000
|
heap
|
page read and write
|
||
|
62E81000
|
unkown
|
page execute read
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
62499000
|
unkown
|
page readonly
|
||
|
702D000
|
stack
|
page read and write
|
||
|
75D000
|
stack
|
page read and write
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
B14000
|
unkown
|
page readonly
|
||
|
6F32000
|
heap
|
page read and write
|
||
|
6D524000
|
unkown
|
page read and write
|
||
|
6D4C1000
|
unkown
|
page execute read
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
45C000
|
stack
|
page read and write
|
||
|
46FE000
|
stack
|
page read and write
|
||
|
6D44D000
|
unkown
|
page readonly
|
||
|
2EBC000
|
heap
|
page read and write
|
||
|
6249B000
|
unkown
|
page readonly
|
||
|
6D39000
|
heap
|
page read and write
|
||
|
71040000
|
unkown
|
page readonly
|
||
|
8150000
|
trusted library allocation
|
page read and write
|
||
|
62EA1000
|
unkown
|
page readonly
|
||
|
2F5F000
|
unkown
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
6D0D0000
|
unkown
|
page readonly
|
||
|
6D0C0000
|
unkown
|
page read and write
|
||
|
7103D000
|
unkown
|
page read and write
|
||
|
7C60000
|
trusted library allocation
|
page read and write
|
||
|
6D6FB000
|
unkown
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
6CF51000
|
unkown
|
page execute read
|
||
|
6D0D1000
|
unkown
|
page execute read
|
||
|
6E40000
|
heap
|
page execute and read and write
|
||
|
6D080000
|
unkown
|
page readonly
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
6D51000
|
heap
|
page read and write
|
||
|
6E30000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
62494000
|
unkown
|
page readonly
|
||
|
6D0D1000
|
unkown
|
page execute read
|
||
|
6D101000
|
unkown
|
page read and write
|
||
|
6EE09000
|
unkown
|
page readonly
|
||
|
7E8C000
|
heap
|
page read and write
|
||
|
7F22000
|
trusted library allocation
|
page read and write
|
||
|
6D427000
|
unkown
|
page write copy
|
||
|
6F33000
|
heap
|
page read and write
|
||
|
6F12000
|
heap
|
page read and write
|
||
|
7C67000
|
trusted library allocation
|
page read and write
|
||
|
6D061000
|
unkown
|
page read and write
|
||
|
62E9D000
|
unkown
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
6CD6000
|
heap
|
page read and write
|
||
|
7F9B0000
|
direct allocation
|
page read and write
|
||
|
6F12000
|
heap
|
page read and write
|
||
|
6EE08000
|
unkown
|
page read and write
|
||
|
EE7000
|
heap
|
page read and write
|
||
|
B11000
|
unkown
|
page write copy
|
||
|
6D6FD000
|
unkown
|
page readonly
|
||
|
2EC8000
|
heap
|
page read and write
|
||
|
6F1E000
|
heap
|
page read and write
|
||
|
70F41000
|
unkown
|
page execute read
|
||
|
F35000
|
heap
|
page read and write
|
||
|
6CF50000
|
unkown
|
page readonly
|
||
|
6248F000
|
unkown
|
page readonly
|
||
|
6CCDF000
|
unkown
|
page write copy
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
2E92000
|
heap
|
page read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
706B000
|
stack
|
page read and write
|
||
|
6CCC1000
|
unkown
|
page readonly
|
||
|
71040000
|
unkown
|
page readonly
|
||
|
6EE1000
|
heap
|
page read and write
|
||
|
5910000
|
trusted library allocation
|
page read and write
|
||
|
5907000
|
trusted library allocation
|
page read and write
|
||
|
6CCBE000
|
unkown
|
page read and write
|
||
|
6CCC1000
|
unkown
|
page readonly
|
||
|
305F000
|
stack
|
page read and write
|
||
|
6EE56000
|
unkown
|
page readonly
|
||
|
B14000
|
unkown
|
page readonly
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
6CF35000
|
unkown
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
C47000
|
heap
|
page read and write
|
||
|
6D441000
|
unkown
|
page execute read
|
||
|
B14000
|
unkown
|
page readonly
|
||
|
F44000
|
heap
|
page read and write
|
||
|
6D470000
|
unkown
|
page readonly
|
||
|
D6C000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
2EC8000
|
heap
|
page read and write
|
||
|
2EA6000
|
heap
|
page read and write
|
||
|
9B7000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
6EE06000
|
unkown
|
page readonly
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
2EBF000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
6F32000
|
heap
|
page read and write
|
||
|
6D3D0000
|
unkown
|
page readonly
|
||
|
6D34F000
|
unkown
|
page readonly
|
||
|
7C70000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
EDF000
|
heap
|
page read and write
|
||
|
6A7E000
|
stack
|
page read and write
|
||
|
D18000
|
trusted library allocation
|
page read and write
|
||
|
6CCC0000
|
unkown
|
page read and write
|
||
|
62499000
|
unkown
|
page readonly
|
||
|
6EE8000
|
heap
|
page read and write
|
||
|
6EDB000
|
heap
|
page read and write
|
||
|
62EA0000
|
unkown
|
page write copy
|
||
|
66D000
|
stack
|
page read and write
|
||
|
6D6C1000
|
unkown
|
page execute read
|
||
|
7170000
|
trusted library allocation
|
page read and write
|
||
|
62E95000
|
unkown
|
page readonly
|
||
|
6E8E000
|
stack
|
page read and write
|
||
|
6F12000
|
heap
|
page read and write
|
||
|
7EC30000
|
direct allocation
|
page read and write
|
||
|
62E9C000
|
unkown
|
page readonly
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
6E940000
|
unkown
|
page readonly
|
||
|
7C3E000
|
stack
|
page read and write
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
7E940000
|
direct allocation
|
page read and write
|
||
|
8F64000
|
heap
|
page read and write
|
||
|
6D013000
|
unkown
|
page write copy
|
||
|
79C000
|
heap
|
page read and write
|
||
|
2B00000
|
heap
|
page read and write
|
||
|
6D09A000
|
unkown
|
page readonly
|
||
|
C3F000
|
stack
|
page read and write
|
||
|
6D4D000
|
heap
|
page read and write
|
||
|
6F1E000
|
heap
|
page read and write
|
||
|
6D47B000
|
unkown
|
page readonly
|
||
|
7E8C000
|
heap
|
page read and write
|
||
|
73C000
|
heap
|
page read and write
|
||
|
62E9C000
|
unkown
|
page readonly
|
||
|
7F260000
|
direct allocation
|
page read and write
|
||
|
B14000
|
unkown
|
page readonly
|
||
|
F06000
|
heap
|
page read and write
|
||
|
6E93F000
|
unkown
|
page read and write
|
||
|
6D47F000
|
unkown
|
page readonly
|
||
|
DCD000
|
stack
|
page read and write
|
||
|
6D34A000
|
unkown
|
page read and write
|
||
|
7F940000
|
direct allocation
|
page read and write
|
||
|
6EE09000
|
unkown
|
page readonly
|
||
|
F26000
|
heap
|
page read and write
|
||
|
58430000
|
direct allocation
|
page read and write
|
||
|
2EBB000
|
heap
|
page read and write
|
||
|
4ECD000
|
heap
|
page read and write
|
||
|
7B90000
|
trusted library allocation
|
page read and write
|
||
|
F46000
|
heap
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
6CF50000
|
unkown
|
page readonly
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
6D2D5000
|
unkown
|
page readonly
|
||
|
6D464000
|
unkown
|
page readonly
|
||
|
6D3F000
|
heap
|
page read and write
|
||
|
6D063000
|
unkown
|
page write copy
|
||
|
F06000
|
heap
|
page read and write
|
||
|
7E880000
|
direct allocation
|
page read and write
|
||
|
F9D000
|
heap
|
page read and write
|
||
|
F45000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
7EB70000
|
direct allocation
|
page read and write
|
||
|
6CF3A000
|
unkown
|
page readonly
|
||
|
6D0F6000
|
unkown
|
page readonly
|
||
|
2EDB000
|
heap
|
page read and write
|
||
|
6EEC000
|
heap
|
page read and write
|
||
|
6F32000
|
heap
|
page read and write
|
||
|
6EDB000
|
heap
|
page read and write
|
||
|
C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EE40000
|
unkown
|
page readonly
|
||
|
AB0000
|
unkown
|
page readonly
|
||
|
D5E000
|
stack
|
page read and write
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
6CF15000
|
unkown
|
page readonly
|
||
|
6D47E000
|
unkown
|
page read and write
|
||
|
62498000
|
unkown
|
page write copy
|
||
|
6F12000
|
heap
|
page read and write
|
||
|
6D6C0000
|
unkown
|
page readonly
|
||
|
71004000
|
unkown
|
page write copy
|
||
|
1010000
|
heap
|
page read and write
|
||
|
7B70000
|
heap
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page read and write
|
||
|
6D110000
|
unkown
|
page readonly
|
||
|
F99000
|
heap
|
page read and write
|
||
|
6F1E000
|
heap
|
page read and write
|
||
|
6D440000
|
unkown
|
page readonly
|
||
|
6CCD4000
|
unkown
|
page readonly
|
||
|
B11000
|
unkown
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
6B72000
|
heap
|
page read and write
|
||
|
6D110000
|
unkown
|
page readonly
|
||
|
7D10000
|
heap
|
page read and write
|
||
|
6D6FD000
|
unkown
|
page readonly
|
||
|
AFE000
|
unkown
|
page readonly
|
||
|
F8D000
|
heap
|
page read and write
|
||
|
7DE50000
|
direct allocation
|
page read and write
|
||
|
7FE1000
|
trusted library allocation
|
page read and write
|
||
|
C29000
|
trusted library allocation
|
page read and write
|
||
|
7BFD000
|
stack
|
page read and write
|
||
|
6D0C1000
|
unkown
|
page readonly
|
||
|
6E920000
|
unkown
|
page readonly
|
||
|
4761000
|
trusted library allocation
|
page read and write
|
||
|
7FCC0000
|
direct allocation
|
page read and write
|
||
|
6D081000
|
unkown
|
page execute read
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
6EE8000
|
heap
|
page read and write
|
||
|
7F8E000
|
stack
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
7070000
|
heap
|
page read and write
|
||
|
AB1000
|
unkown
|
page execute read
|
||
|
F9B000
|
heap
|
page read and write
|
||
|
7B80000
|
trusted library allocation
|
page read and write
|
||
|
6D527000
|
unkown
|
page readonly
|
||
|
4F45000
|
trusted library allocation
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
EF7000
|
heap
|
page read and write
|
||
|
7FCF8000
|
direct allocation
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
6D47F000
|
unkown
|
page readonly
|
||
|
46BE000
|
stack
|
page read and write
|
||
|
2EAF000
|
heap
|
page read and write
|
||
|
F37000
|
heap
|
page read and write
|
||
|
70F40000
|
unkown
|
page readonly
|
||
|
7180000
|
trusted library allocation
|
page read and write
|
||
|
6ECE000
|
stack
|
page read and write
|
||
|
2EE4000
|
heap
|
page read and write
|
||
|
6EEC000
|
heap
|
page read and write
|
||
|
6D060000
|
unkown
|
page readonly
|
||
|
6D47B000
|
unkown
|
page readonly
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
998000
|
heap
|
page read and write
|
||
|
6E921000
|
unkown
|
page execute read
|
||
|
6CCDA000
|
unkown
|
page write copy
|
||
|
6F12000
|
heap
|
page read and write
|
||
|
69BB000
|
stack
|
page read and write
|
||
|
7C50000
|
trusted library allocation
|
page execute and read and write
|
||
|
F46000
|
heap
|
page read and write
|
||
|
6D014000
|
unkown
|
page read and write
|
||
|
6CF39000
|
unkown
|
page write copy
|
||
|
682B000
|
stack
|
page read and write
|
||
|
2EC8000
|
heap
|
page read and write
|
||
|
B14000
|
unkown
|
page readonly
|
||
|
6D52A000
|
unkown
|
page readonly
|
||
|
B13000
|
unkown
|
page read and write
|
||
|
7FCE8000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D09F000
|
unkown
|
page read and write
|
||
|
7EA80000
|
direct allocation
|
page read and write
|
||
|
F8D000
|
heap
|
page read and write
|
||
|
6F80000
|
trusted library allocation
|
page read and write
|
||
|
6D013000
|
unkown
|
page write copy
|
||
|
F46000
|
heap
|
page read and write
|
||
|
6249B000
|
unkown
|
page readonly
|
||
|
6D111000
|
unkown
|
page execute read
|
||
|
7D2C000
|
heap
|
page read and write
|
||
|
62EA0000
|
unkown
|
page write copy
|
||
|
2E74000
|
heap
|
page read and write
|
||
|
6D6EC000
|
unkown
|
page readonly
|
||
|
6CF35000
|
unkown
|
page read and write
|
||
|
2ED3000
|
heap
|
page read and write
|
||
|
48B6000
|
trusted library allocation
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
6EE1000
|
heap
|
page read and write
|
||
|
6EEC000
|
heap
|
page read and write
|
||
|
6CCBF000
|
unkown
|
page write copy
|
||
|
294F000
|
stack
|
page read and write
|
||
|
6CC61000
|
unkown
|
page execute read
|
||
|
6D461000
|
unkown
|
page read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
6D015000
|
unkown
|
page readonly
|
||
|
7E9E0000
|
direct allocation
|
page read and write
|
||
|
68F5000
|
heap
|
page execute and read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
4EC5000
|
trusted library allocation
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
D70000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EE8000
|
heap
|
page read and write
|
||
|
6D6FB000
|
unkown
|
page read and write
|
||
|
ED5000
|
heap
|
page read and write
|
||
|
463E000
|
stack
|
page read and write
|
||
|
6AFE000
|
stack
|
page read and write
|
||
|
6F12000
|
heap
|
page read and write
|
||
|
6D09F000
|
unkown
|
page read and write
|
||
|
2B4E000
|
unkown
|
page read and write
|
||
|
6D19000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
7F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EDB000
|
heap
|
page read and write
|
||
|
62E80000
|
unkown
|
page readonly
|
||
|
C14000
|
trusted library allocation
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
2D82000
|
heap
|
page read and write
|
||
|
6E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FD0000
|
trusted library allocation
|
page read and write
|
||
|
6D4C0000
|
unkown
|
page readonly
|
||
|
D80000
|
heap
|
page read and write
|
||
|
62E95000
|
unkown
|
page readonly
|
||
|
2EB9000
|
heap
|
page read and write
|
||
|
6D061000
|
unkown
|
page read and write
|
||
|
F06000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
C13000
|
trusted library allocation
|
page execute and read and write
|
||
|
71005000
|
unkown
|
page readonly
|
||
|
2EF9000
|
heap
|
page read and write
|
||
|
6EE000
|
stack
|
page read and write
|
||
|
6CF51000
|
unkown
|
page execute read
|
||
|
58F0000
|
trusted library allocation
|
page read and write
|
||
|
7D38000
|
heap
|
page read and write
|
||
|
6E10000
|
trusted library allocation
|
page read and write
|
||
|
2EC8000
|
heap
|
page read and write
|
There are 646 hidden memdumps, click here to show them.